Fix TLS*_METHOD for old pyopenssl releases
The TLS_METHOD constant was introduced in pyopenssl 21.0.0 [0], but some
older Octavia branches (from train to victoria) still use older releases
(19.1.0 for victoria) and then don't support it. Switch back to the
previous the SSL methods if the new constanst doesn't exist.
[0] https://github.com/pyca/pyopenssl/commit/5dc698861c91b4aa83b284b282c0e91cdcee49a3
Change-Id: Ib0eeb1136c168fcc32326f4ed8b008fb7f193a30
diff --git a/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py b/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py
index 29b73c6..9664c57 100644
--- a/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py
+++ b/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py
@@ -337,7 +337,10 @@
return False
return True
- context = SSL.Context(SSL.TLS_METHOD)
+ try:
+ context = SSL.Context(SSL.TLS_METHOD)
+ except AttributeError:
+ context = SSL.Context(SSL.SSLv23_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_cb)
ca_store = context.get_cert_store()
@@ -473,7 +476,10 @@
return True
# Test that the default certificate is used with no SNI host request
- context = SSL.Context(SSL.TLS_METHOD)
+ try:
+ context = SSL.Context(SSL.TLS_METHOD)
+ except AttributeError:
+ context = SSL.Context(SSL.SSLv23_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_server_cb)
ca_store = context.get_cert_store()
@@ -485,7 +491,10 @@
sock.do_handshake()
# Test that the default certificate is used with bogus SNI host request
- context = SSL.Context(SSL.TLS_METHOD)
+ try:
+ context = SSL.Context(SSL.TLS_METHOD)
+ except AttributeError:
+ context = SSL.Context(SSL.TLSv1_2_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_server_cb)
ca_store = context.get_cert_store()
@@ -498,7 +507,10 @@
sock.do_handshake()
# Test that the SNI1 certificate is used when SNI1 host is specified
- context = SSL.Context(SSL.TLS_METHOD)
+ try:
+ context = SSL.Context(SSL.TLS_METHOD)
+ except AttributeError:
+ context = SSL.Context(SSL.TLSv1_2_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_SNI1_cb)
ca_store = context.get_cert_store()
@@ -512,7 +524,10 @@
sock.do_handshake()
# Test that the SNI2 certificate is used when SNI2 host is specified
- context = SSL.Context(SSL.TLS_METHOD)
+ try:
+ context = SSL.Context(SSL.TLS_METHOD)
+ except AttributeError:
+ context = SSL.Context(SSL.SSLv23_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_SNI2_cb)
ca_store = context.get_cert_store()
@@ -634,7 +649,10 @@
return True
# Test that the default certificate is used with no SNI host request
- context = SSL.Context(SSL.TLS_METHOD)
+ try:
+ context = SSL.Context(SSL.TLS_METHOD)
+ except AttributeError:
+ context = SSL.Context(SSL.SSLv23_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_server_cb)
ca_store = context.get_cert_store()
@@ -646,7 +664,10 @@
sock.do_handshake()
# Test that the SNI1 certificate is used when SNI1 host is specified
- context = SSL.Context(SSL.TLS_METHOD)
+ try:
+ context = SSL.Context(SSL.TLS_METHOD)
+ except AttributeError:
+ context = SSL.Context(SSL.TLSv1_2_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_SNI1_cb)
ca_store = context.get_cert_store()
@@ -660,7 +681,10 @@
sock.do_handshake()
# Test that the default certificate is used when SNI2 host is specified
- context = SSL.Context(SSL.TLS_METHOD)
+ try:
+ context = SSL.Context(SSL.TLS_METHOD)
+ except AttributeError:
+ context = SSL.Context(SSL.SSLv23_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_server_cb)
ca_store = context.get_cert_store()
@@ -675,7 +699,10 @@
# Test that the SNI2 certificate is used with no SNI host request
# on listener 2, SNI2 is the default cert for listener 2
- context = SSL.Context(SSL.TLS_METHOD)
+ try:
+ context = SSL.Context(SSL.TLS_METHOD)
+ except AttributeError:
+ context = SSL.Context(SSL.SSLv23_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_SNI2_cb)
ca_store = context.get_cert_store()
@@ -688,7 +715,10 @@
# Test that the SNI2 certificate is used with listener 1 host request
# on listener 2, SNI2 is the default cert for listener 2
- context = SSL.Context(SSL.TLS_METHOD)
+ try:
+ context = SSL.Context(SSL.TLS_METHOD)
+ except AttributeError:
+ context = SSL.Context(SSL.SSLv23_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_SNI2_cb)
ca_store = context.get_cert_store()
@@ -703,7 +733,10 @@
# Test that the SNI2 certificate is used with SNI1 host request
# on listener 2, SNI2 is the default cert for listener 2
- context = SSL.Context(SSL.TLS_METHOD)
+ try:
+ context = SSL.Context(SSL.TLS_METHOD)
+ except AttributeError:
+ context = SSL.Context(SSL.SSLv23_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_SNI2_cb)
ca_store = context.get_cert_store()